


Category:   Application (Firewall)  >   KerioControl (WinRoute Firewall)
Vendors:   Kerio Technologies
Kerio WinRoute Firewall Administration Interface Flaw Lets Remote Users Create Denial of Service Conditions
SecurityTracker Alert ID:  1006426
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 31 2003
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 5.0.1
Description:   A denial of service vulnerability was reported in Kerio WinRoute Firewall. A remote user can cause CPU utilization to rise and connection requests to be dropped.

Positive Technologies reported that a remote user can send a single HTTP request to the firewall's web-based administration port (TCP 4080) to cause CPU utilization to reach 100%. According to the report, about half of the subsequent connection requests will be dropped.

A demonstration exploit request (without the expected 'Host: server' line) is provided:

GET / HTTP/1.0
Authorization: Basic XXX

Impact:   A remote user can cause the target host's processor utilization to reach 100% and connections to the target to be dropped.
Solution:   The vendor has released a fixed version (5.0.2).

The author of the report indicates that you can also block remote access to TCP port 4080 on the firewalled host.

Vendor URL: (Links to External Site)
Cause:   Resource error, State error
Underlying OS:  Windows (Any)

Message History:   None.
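
For sites that cannot upgrade or block the port immediately, the following added example (not part of the SecurityTracker entry or the Positive Technologies advisory) flags captured requests to TCP 4080 that carry an Authorization header but no Host header. The record layout, function names and sample data are assumptions made for illustration; HTTP/1.0 clients may legitimately omit Host, so hits are candidates for review rather than confirmed attacks.

```python
# Added example: flag HTTP requests that carry Authorization but no Host header.
ADMIN_PORT = 4080  # WinRoute web administration port named in the advisory


def parse_request(raw: bytes):
    """Split a raw HTTP request head into (request_line, {header: value})."""
    # Accept both CRLF and bare-LF line endings when locating the end of the head.
    head = raw.split(b"\r\n\r\n", 1)[0].split(b"\n\n", 1)[0]
    lines = head.decode("iso-8859-1").splitlines()
    if not lines:
        return "", {}
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            # Header names are case-insensitive, so normalise to lower case.
            headers[name.strip().lower()] = value.strip()
    return lines[0].strip(), headers


def is_suspect(dst_port: int, raw: bytes) -> bool:
    """True for a request to the admin port with Authorization but no Host."""
    if dst_port != ADMIN_PORT:
        return False
    request_line, headers = parse_request(raw)
    if not request_line.upper().startswith(("GET ", "POST ", "HEAD ")):
        return False
    return "authorization" in headers and not headers.get("host")


def scan(records):
    """records: iterable of (src_ip, dst_port, raw_request); returns suspect sources."""
    return [src for src, port, raw in records if is_suspect(port, raw)]


# Constructed sample capture (documentation-range addresses, placeholder credentials).
SAMPLE = [
    ("192.0.2.10", 4080, b"GET / HTTP/1.0\r\nHost: server\r\nAuthorization: Basic XXX\r\n\r\n"),
    ("198.51.100.7", 4080, b"GET / HTTP/1.0\r\nAuthorization: Basic XXX\r\n\r\n"),
    ("203.0.113.5", 80, b"GET / HTTP/1.0\r\nAuthorization: Basic XXX\r\n\r\n"),
    ("192.0.2.44", 4080, b"GET / HTTP/1.0\nauthorization: Basic XXX\n\n"),
]

if __name__ == "__main__":
    for src in scan(SAMPLE):
        print(f"suspect request to tcp/{ADMIN_PORT} from {src}")
```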

 Source Message Contents

Subject:  Positive Technologies Security Advisory 2003-0307: DoS-attack in Kerio WinRoute Firewall

               Positive Technologies Security Advisory

        Title: DoS-attack in Kerio WinRoute Firewall
         Date: March, 07 2003
     Severity: High
  Application: Kerio WinRoute Firewall 5.0.1
     Platform: Windows 95/98/ME/NT/2000/XP
Vendor Status: Notified, patched in version 5.0.2




A Denial of Service condition exists in Kerio WinRoute Firewall's Web
administration interface which hangs the service with 100% CPU utilization.

Positive Technologies reports that a single simple HTTP request to the Kerio
WinRoute Firewall Web administration interface (TCP/4080)

GET / HTTP/1.0
Authorization: Basic XXX

instead of correct one:

GET / HTTP/1.0
Host: server
Authorization: Basic XXX

causes 100% CPU utilization of the attacked computer.



A remote user can launch a denial of service attack against the web interface
(port TCP/4080). A single request causes 100% CPU utilization. As a result,
more than 50% of future connection requests may be lost, disturbing
normal functionality of the networking services.



Block TCP/4080 access or upgrade to Kerio WinRoute Firewall 5.0.2.



Vendor was notified on 10.03.2003.



Positive Technologies is an information security company especially focused on
protection of corporate networks from external attacks. The main trend of
wide range of services in the field of information security: from network
architecture development or optimization to consulting and custom software
source-code examination.

